Everything You Need to Know About WannaCry Ransomware Attack.
The concept of ransomware is not new, but WannaCry is by far the most popular ransomware. In 2 days, the malware infected more than 200,000 computers in more than 150 countries around the world.
So what exactly is WannaCry?
How will this affect me?
How can I prevent this?
Well, here’s everything you need to know about WannaCry in plain English.
What is WannaCry ransomware?
It is a program that encrypts all the files on your computer and then displays a pop-up demanding a large payment (usually $300-600). If you have it on your system, you will want to cry, hence the name. It is sometimes also referred to as WannaCryptor or WCry.
And since they are asking for a ransom in bitcoin (which can be easily hidden), there is no way to track down the culprit.
Note: You can still use your computer even if it has been encrypted by WannaCry. Your data is probably gone, but once you format the drive you’re done.
Image courtesy of Talos, who explained the technical aspect of WannaCry in detail.
How much is the ransom?
WannaCry is demanding a $300 ransom in Bitcoin. If the user does not pay the ransom within three days, the amount is doubled to $600. And if you don’t make a payment within seven days, WannaCry will delete all files. After that, there is no way to get the data.
Why did WannaCrypt ransomware spread so quickly?
As I said earlier, ransomware is not new. Microsoft discovered this method back in March 2017 and simultaneously released a patch for vulnerabilities in SMBv1. However, these patches were for newer versions of Windows, such as Windows 7, 8, 10 or Windows Server 2008, etc.
If you keep Windows updated, chances are you already have the patch.
However, many organizations, such as government hospitals and legacy businesses, use older, unsupported versions of Windows, such as Windows XP and Windows 3.0. Since Microsoft no longer supports these versions, no patches were released for them.
Who is affected?
Anyone running Windows, on both consumer and server versions. But since Microsoft released patches back in March, most home users are protected from WannaCry (assuming they’ve installed the updates).
The vast majority of people infected with WannaCry are those using an older version of Windows, such as Windows XP. These are usually government hospitals and old businesses that have not updated their systems for a long time. And believe me, there are many of them all over the world.
Also, from a hacker’s point of view, it makes sense to target businesses rather than home users, since businesses have much more valuable data that they are willing to pay to get back.
For example, here in India, according to Live Mint, 120 computers of the Gujarat government are infected with the WannaCry virus.
Image Credit: Countries Initially Affected by WannaCry Ransomware
What is the WannaCry kill switch?
You may have heard people say, “Kill switch slows down the spread of WannaCry ransomware.”
Well, a kill switch is a piece of program code that, when activated, kills the program. According to this PCWorld article:
Wana Decryptor infects systems through malware that first tries to connect to an unregistered web domain. It looks like the kill switch works like this: if the malware cannot connect to the domain, it will continue infecting. If the connection is successful, the program will stop the attack.
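The kill-switch behaviour quoted above gives defenders a triage signal: any host that looked up the domain ran the check, and a host whose lookups all failed is one where the malware would have continued. The following added example (not from the original article or from PCWorld) sorts resolver log lines that way; the log format, the sample lines and the domain `killswitch-placeholder.example` are constructed placeholders, since the article does not give the real domain.

```python
from collections import defaultdict

# Placeholder, not the real indicator: the article does not give the domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log: "<time> <client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
2017-05-12T09:14:02Z 10.0.4.17 killswitch-placeholder.example. NXDOMAIN
2017-05-12T09:14:05Z 10.0.4.22 www.example.org. NOERROR
2017-05-12T09:15:40Z 10.0.7.3 KILLSWITCH-PLACEHOLDER.example NOERROR
2017-05-12T09:16:11Z 10.0.4.17 killswitch-placeholder.example. NXDOMAIN
2017-05-12T09:20:00Z 10.0.9.8 killswitch-placeholder.example. SERVFAIL
malformed line without enough fields
2017-05-12T09:31:27Z 10.0.9.8 killswitch-placeholder.example. NOERROR
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def triage(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client that looked up the kill-switch domain to a verdict.

    'resolved'   -> at least one lookup succeeded, so the check could pass
    'unresolved' -> every lookup failed, so the malware would keep running
    """
    outcomes = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated records
        _ts, client, qname, rcode = fields
        if normalize(qname) == normalize(domain):
            outcomes[client].append(rcode.upper())
    return {
        client: "resolved" if "NOERROR" in rcodes else "unresolved"
        for client, rcodes in outcomes.items()
    }

def hosts_to_isolate(log_text, domain=KILL_SWITCH_DOMAIN):
    """Clients that queried the domain and never got an answer: isolate first."""
    verdicts = triage(log_text, domain)
    return sorted(c for c, v in verdicts.items() if v == "unresolved")

if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{verdict}")
```

Every client in the result should be treated as infected; the `unresolved` ones come first because nothing stopped the malware there. For the same reason, the kill-switch domain should stay reachable from inside the network rather than being blocked.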
Where does it come from?
There is no definitive way to know yet. But security researchers from Kaspersky and Symantec said that an early version of WannaCry’s code is similar to the code used in a 2015 backdoor created by government-affiliated North Korean hackers.
Is the attack over?
No. There is no confirmed fix for WannaCry yet.
Bleeping Computer has a detailed guide to removing WannaCry. But there is no evidence of how effective this method is. In their own words:
However, this guide won’t let you decrypt the files for free. This is currently not possible. I will provide the steps you can use to possibly recover your files (unlikely chance, unfortunately) and the methods you can use to protect your computer from future ransomware.
What can you do to prevent it?
There is no way to decrypt the data yet. So, if your computer is infected, there is little you can do. It is advisable not to pay the ransom, though, because even if you pay, there is no guarantee that you will get your data back.
Also, isolate infected machines. Make sure they are not connected to your network, and don’t use them for anything. WannaCry is a worm, meaning it spreads itself from one computer to another.
For everyone else, here are a few things you can do:
1. Create multiple backups of important data.
Save one to an external hard drive and upload another copy to the cloud. Please note that data on the server can also be encrypted with WannaCry, so have more than one physical copy.
2. Update Windows.
Always keep your Windows system up to date with the latest security fixes.
3. Use common sense.
Don’t click on attachments in emails from people you don’t know, and don’t download suspicious material from torrents.
4. Use Malwarebytes.
Usually I’m not a big fan of antivirus, but if the computer is used by people who are not very tech-savvy, then having a good antivirus makes sense.